The COVID-19 pandemic has greatly increased the use of technology by companies throughout the world. Internal meetings are being conducted using various platforms as employees work from home, and the boom in online buying has exploded even more than it did for the holiday season in 2019.
What’s more, all kinds of information is being shared on the worldwide web, including credit card numbers, addresses, and even confidential business information in virtual meetings. Each instance is vulnerable to a potential cyberattack.
Has your business’s technology outpaced its controls to protect you financially in the event of such an attack? This is a question that needs to be asked and answered because your cyber liability protections must be kept updated along with your advances in technology.
This is a business expense you should not avoid; if you do, you could become an unattractive risk to cyber insurance companies and/or pay handsomely if your business becomes a target for cybercrime.
The fable “The Tortoise and the Hare” is a good analogy for this situation as the world deals with the consequences of the COVID-19 pandemic. The hare in this story is obviously the faster animal in the race, and he knows it. In a similar way, technology has been able to quickly provide many businesses with the ability to share information with employees whether through emails or online meetings.
Customers have stayed in touch with their business online, as well, whether buying items or asking questions of customer service representatives. Much of this transition occurred quickly and seamlessly thanks to technology (the hare).
But in the real world, the hare needs the tortoise in order for the race to be run. It’s the tortoise that represents the deliberate and methodical protection a business needs, the cyber liability coverage to insure the business if a cyberattack occurs.
This is the part of the equation that isn’t usually seen except by business management and insurers. And it’s the tortoise that can keep the business running after some type of attack. The tortoise may be slower, but he’s just as important to saving a business from ruin.
Up-to-date cyber liability coverage is critical for both large and small businesses. Cyber liability losses, both first party (insured) and third party (vendors, clients, prospects), occur whether you’re a large, multi-national organization with a multi-million-dollar risk management budget or a Main Street small business.
The cyberattack that Target experienced a few years ago was significant and reported on nationally. It was another reminder of how vulnerable technology and the systems we use daily are to attack.
Large retailers and hospitality organizations are frequently targeted because of the number of customer credit card transactions they handle. It’s the same for health care providers, due to the vast amount of personal and medical data they access, and small businesses are seen as vulnerable because of limited risk management and IT security resources they have access to.
Businesses should be aware of their cyber liability policy and coverages. These range from minimal sub limits for first party losses to multi-million-dollar limits to cover most cyber liability scenarios. Cost of coverage is based on class of business, exposures such as employee count, sales/revenue, number of transactions, and contractual risk transfer and other risk management controls.
Most cyber liability policies offer a variety of potential coverages. They include:
- Incident response expenses, such as public relations campaigns, crisis management, IT forensic investigations, or malware removal.
- Network security and privacy liability, which covers failure to prevent transmission of personal or confidential information.
- Multimedia liability, which can include copyright infringement, trademark infringement, and defamation arising out of the insured’s electronic publishing.
- Cyber theft, social engineering, and fraudulent wire transfers, which involve fraudulent funds transfers from bank or securities accounts.
- Business interruption coverage, which is reimbursement for loss of income during the time of interruption caused by a cyberattack and the increased costs to get your business back up and running.
- Extortion for ransomware and similar malicious software.
- Legal support expenses from a cyber incident.
- Data restoration expenses, which can be substantial.
These coverages are wide-ranging, but each business should be aware of what it needs to keep itself protected. An insurance agent will provide guidance as necessary to you as a business owner. At the same time, there are steps that business owners can take to make them more attractive to the carriers’ underwriters, help prevent cyberattacks, and make the return to normal easier if an attack does occur.
For example, ensuring that employees are trained and aware of the threat of cyberattacks for the business. Employees should be cautioned about opening suspicious emails. Having antivirus and antispyware software in place is highly important for any business as is using a firewall for all internet connections.
Other steps include downloading and installing software updates when available; backing up data companywide; controlling and limiting data or information access internally; securing your network; and regularly changing passwords.
All of these steps seem basic, but they are also critical. They can help you keep the pace of the hare in using technology to serve your customers, while also keeping the tortoise’s job top-of-mind to protect your company from cyberattacks, even after the COVID-19 pandemic is just a bad memory.
Matthew M. McGrail serves as senior vice president of agency at the Meadowbrook Insurance Agency, overseeing commercial and personal lines divisions across four Michigan offices in Southfield, Ann Arbor, Jackson, and Saginaw. McGrail, who has more than 15 years of insurance industry experience, manages carrier distribution channel relationships, oversees the commercial marketing division strategy, and leads agency growth and retention strategies for the agency.
